Share This

Cloud computing -- outsourcing computational tasks over the Internet -- could give home-computer users unprecedented processing power and let small companies launch sophisticated Web services without building massive server farms. But it also raises privacy concerns. A bank of cloud servers could be running applications for 1,000 customers at once; unbeknownst to the hosting service, one of those applications might have no purpose other than spying on the other 999.

Related Articles

But it also raises privacy concerns. A bank of cloud servers could be running applications for 1,000 customers at once; unbeknownst to the hosting service, one of those applications might have no purpose other than spying on the other 999.

Encryption could make cloud servers more secure. Only when the data is actually being processed would it be decrypted; the results of any computations would be re-encrypted before they're sent off-chip.

In the last 10 years or so, however, it's become clear that even when a computer is handling encrypted data, its memory-access patterns -- the frequency with which it stores and accesses data at different memory addresses -- can betray a shocking amount of private information.

At the International Symposium on Computer Architecture in June, MIT researchers described a new type of secure hardware component, dubbed Ascend, that would disguise a server's memory-access patterns, making it impossible for an attacker to infer anything about the data being stored. Ascend also thwarts another type of attack, known as a timing attack, which attempts to infer information from the amount of time that computations take.

Computational trade-off

Similar designs have been proposed in the past, but they've generally traded too much computational overhead for security. "This is the first time that any hardware design has been proposed -- it hasn't been built yet -- that would give you this level of security while only having about a factor of three or four overhead in performance," says Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, whose group developed the new system. "People would have thought it would be a factor of 100."

The "trivial way" of obscuring memory-access patterns, Devadas explains, would be to request data from every address in the memory -- whether a memory chip or a hard drive -- and throw out everything except the data stored at the one address of interest. But that would be much too time-consuming to be practical.

What Devadas and his collaborators -- graduate students Ling Ren, Xiangyao Yu and Christopher Fletcher, and research scientist Marten van Dijk -- do instead is to arrange memory addresses in a data structure known as a "tree." A family tree is a familiar example of a tree, in which each "node" (in this example, a person's name) is attached to only one node above it (the node representing the person's parents) but may connect to several nodes below it (the person's children).

With Ascend, addresses are assigned to nodes randomly. Every node lies along some "path," or route through the tree, that starts at the top and passes from node to node, without backtracking, until arriving at a node with no further connections. When the processor requires data from a particular address, it sends requests to all the addresses in a path that includes the one it's really after.

To prevent an attacker from inferring anything from sequences of memory access, every time Ascend accesses a particular memory address, it randomly swaps that address with one stored somewhere else in the tree. As a consequence, accessing a single address multiple times will very rarely require traversing the same path.

Less computation to disguise an address

By confining its dummy requests to a single path, rather than sending them to every address in memory, Ascend exponentially reduces the amount of computation required to disguise an address. In a separate paper, which is as-yet unpublished but has been posted online, the researchers prove that querying paths provides just as much security as querying every address in memory would.

Ascend also protects against timing attacks. Suppose that the computation being outsourced to the cloud is the mammoth task of comparing a surveillance photo of a criminal suspect to random photos on the Web. The surveillance photo itself would be encrypted, and thus secure from prying eyes. But spyware in the cloud could still deduce what public photos it was being compared to. And the time the comparisons take could indicate something about the source photos: Photos of obviously different people could be easy to rule out, but photos of very similar people might take longer to distinguish.

So Ascend's memory-access scheme has one final wrinkle: It sends requests to memory at regular intervals -- even when the processor is busy and requires no new data. That way, attackers can't tell how long any given computation is taking.

More From ScienceDaily

More Computers & Math News

Featured Research

Mar. 31, 2015 — Video games not only sharpen the visual processing skills of frequent players, they might also improve the brain's ability to learn those skills, according to a new study. Gamers showed faster ... full story

Mar. 31, 2015 — Children who play video games for more than three hours a day are more likely to be hyperactive, get involved in fights and not be interested in school, says a new study. It examined the effects of ... full story

Mar. 31, 2015 — Using the assessment tool ForWarn, US Forest Service researchers can monitor the growth and development of vegetation that signals winter's end and the awakening of a new growing season. Now these ... full story

Mar. 31, 2015 — A team of engineers and biologists reports new progress in using computer modeling and 3D shape analysis to understand how the unique grasping tails of seahorses evolved. These prehensile tails ... full story

Mar. 31, 2015 — Searching the Internet for information may make people feel smarter than they actually are, according to new research. In a series of experiments, participants who searched for information on the ... full story

Mar. 30, 2015 — Neuroscientists are taking inspiration from natural motor control to design new prosthetic devices that can better replace limb function. Researchers have tested a range of brain-controlled devices ... full story

Mar. 30, 2015 — Speaking in public is the top fear for many people. Now, researchers have developed an intelligent user interface for 'smart glasses' that gives real-time feedback to the speaker on volume modulation ... full story

Mar. 30, 2015 — To help scientists make sense of 'brain big data,' researchers have used data mining to create www.neuroelectro.org, a publicly available website that acts like Wikipedia, indexing physiological ... full story

Mar. 30, 2015 — As the demand for instant, constant communication grows, so too does the urgency for more convenient portable devices -- especially computer displays that can be easily rolled up and stored or ... full story

Featured Videos

Bionic Ants Could Be Tomorrow's Factory Workers

Reuters - Innovations Video Online (Mar. 30, 2015) — Industrious 3D printed bionic ants working together could toil in the factories of the future, says German technology company Festo. The robotic insects cooperate and coordinate their actions and movements to achieve a common aim. Amy Pollock reports.
Video provided by Reuters

Internet Giants Drive Into the Electric Vehicle Space

Reuters - Business Video Online (Mar. 30, 2015) — Internet companies are looking to disrupt the auto industry with new smart e-vehicles, but widespread adoption in Asia may not be cured by new Chinese investments. Pamela Ambler reports.
Video provided by Reuters

Related Stories

July 10, 2014 — Encryption might not be enough for all that data stored in the cloud. Usage patterns -- which files are accessed and when -- can give away secrets as well. Computer scientists have developed an ... full story

Apr. 28, 2014 — Small businesses could save up to 62% of energy costs by switching to a cloud computing system for their invoicing, according to research. The approach of integrating cloud computing and a more ... full story

May 17, 2011 — Security concerns are one of the key obstacles to the adoption of new non-volatile main memory (NVMM) technology in next-generation computers, which would improve computer start times and boost ... full story

Apr. 6, 2011 — Cloud computing represents a significant shift in how we use information technology. Storage space for digital files, processing power and services and software are abstracted away from the ... full story

ScienceDaily features breaking news and videos about the latest discoveries in health, technology, the environment, and more -- from major news services and leading universities, scientific journals, and research organizations.